Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Cloud Security Alliance Updates 'Top Threats to Cloud Computing' List

A refreshed version of the CSA’s 2016 report includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud-computing threat categories.

Seattle-based Cloud Security Alliance has some new and updated advice for enterprises that do some or all of their business using cloud applications—and that pretty much means all enterprises.

The global organization, which is dedicated to defining and raising awareness of best practices to help ensure secure cloud computing environments, on Oct. 20 released an update of its most important industry document, “Top Threats to Cloud Computing + Industry Insights.” Registration is required for the document download.

This refreshed version of the CSA’s 2016 report includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.

“It’s our hope that these updates will not only provide readers with more relevant context in which to evaluate the top threats, but that the enhanced paper will provide them with a real-world glimpse into what is currently occurring in the security industry,” said Scott Field, partner architect with Microsoft and chair of the CSA Top Threats Working Group.

Topics and real-world examples discussed in this document include the following:

Abuse and Nefarious Use of Cloud: Malware using cloud services to exfiltrate data and avoid detection; Zepto ransomware that spread and was hosted on cloud storage services; CloudSquirrel malware hosting command and control (C&C) in Dropbox; CloudFanta malware using cloud storage for malware delivery

Related Reading

CSA said the report provides organizations with an expert-informed understanding of cloud security concerns to make educated risk-management decisions regarding cloud adoption strategies. The report reflects the current consensus among security experts in the CSA community about the most significant security issues in the cloud.

The CSA Top Threats Working Group is responsible for providing needed context to assist organizations in making educated risk management decisions regarding their cloud adoption strategies. The working group is led by Field, along with longtime cloud security professionals Jon-Michael Brook, a principal of Security, Cloud & Privacy at Guide Holdings, and Dave Shackleford, a principal consultant with Voodoo Security.

The CSA invites interested companies and individuals to support the group’s research and initiatives. Companies and individuals interested in learning more or joining the group can visit the Top Threats Working Group page.